EFFICIENT PACKET ENCRYPTION METHOD

Field of the Invention

The invention relates to telecommunication transmission, and in particular to
a computationally efficient packet encryption method for streams of packets that are
subject to loss and/or out-of-order delivery during transmission.

Problem 

It is a problem in the field of packet transmission to increase the encryption
security to prevent unauthorized devices from intercepting and decrypting the
transmitted packets while providing a packet encryption method that does not
increase the computation time to encrypt and decrypt the plaintext stream. A
second problem in the field of packet transmission is to reassemble the sequence
of the packets at the destination while providing a packet encryption method that
does not require excessive time for the receiver to decrypt and reassemble the
packet stream. A third problem is to synchronize decryption of received packets in
the presence of lost or out-of-sequence packets.

In packet switching, both wired and wireless, packets of plaintext are sent
through the network from a source to a destination. The packets are assembled
and disassembled by the Packet Assembler/Disassembler into individual packets of
plaintext. Each packet has a unique identification, a sequence number, and each
packet comprises three principal elements, a header, a payload and, optionally, a
trailer. The header includes control information such as sequence number,
synchronizing bits, address of the destination, address of the source, length of the
packet, etc. The payload is the plaintext that is being transmitted and the trailer
includes an end of packet flag and error detection and correction bits.

For transmission on a packet switched network, a media stream is broken up
into "packets". Each packet traverses through the network to the destination
through available nodes and is transmitted from node to node as bandwidth
becomes available for transmission. At the destination node, an attempt is made to
reassemble the packets into the original contiguous stream. Since packets traverse
through the network following different routes, packets often arrive at the
destination out-of-sequence. Other packets may be lost within the network.
Additional processing time is required at the destination to request retransmission
of lost packets and/or packets received out-of-sequence and to reassemble the
packets into the original contiguous message.

In the field of packet transmission two encryption methods are commonly
used, RC4 and Wired Equivalency Privacy (WEP). RC4 is an encryption method
supported in Cellular Digital Packet Data (CDPD) and WEP is an encryption
method supported by the IEEE 802.11 standard. The Institute of Electrical and
Electronic Engineers (IEEE) is the standards making body responsible for many
telecommunication and computing standards, including those used in Local Area
Networks (LANs), the 802 series of standards. IEEE 802 Part 11b (802.11b) is
commonly used for the increasingly popular wireless in-building LANs.

WEP and RC4 are "stream" ciphers: at the source they generate a string of
random encryption bytes that are all exclusive OR'd with the plaintext bytes to form
the ciphertext. Conversely, the ciphertext can be exclusive OR'd with the same
encryption stream to restore the plaintext at the destination.

RC4 Encryption Method

RC4 runs from start to finish as a single stream generator, a very long
stream generator. RC4 does not use the packet sequence number within the
encryption method; instead the sequence of the next bytes of payload plaintext is
used. In other words, the encryption/decryption of each byte is dependent on the
byte position within the overall stream. RC4 uses a key of up to 256 bytes to
generate a 256 byte S-vector that is used to sequentially encrypt each successive
byte of payload plaintext. The S-vector algorithm uses two variables, and the
S-vector is permuted after each byte is encrypted, thus each encryption stream value
is dependent on the number of payload bytes already encrypted or decrypted.
Thus, the S-vector evolves over time, making it impractical to resynchronize RC4.

When all of the bytes of payload plaintext have been encrypted, the
ciphertext is assembled into packets and a header and trailer is added to each
packet for transmission. The problem arises when a packet of data is lost during
transmission. The destination knows that a packet has been lost (not yet received)
because each header includes a sequence number. If the second packet does not
arrive at the destination, the destination is able to decrypt the bytes of payload
ciphertext within the first packet. However, the destination cannot decrypt the third
packet that is received because the destination does not know how many bytes of
payload ciphertext were transmitted in the missing second packet, thus requiring
the destination to request retransmission of all packets not received. This is
impractical for real-time media streams. Since all of the bytes of plaintext were
converted to ciphertext sequentially, the bytes of ciphertext must be processed in
the same order for decryption.

The RC4 encryption method just described fails to provide a method to 
decrypt subsequent received packets in the event a packet is unrecoverably lost 
during transmission. 

Wired Equivalency Privacy (WEP) Encryption Method

IEEE 802.11b employs the Wired Equivalency Privacy (WEP) method. The
similarity between RC4 and WEP is that WEP uses RC4 by reinitializing the method
for each packet using the sequence number as a part of the key. The WEP
encryption method is reinitialized by rekeying (selecting a new key) and generating
a new S-vector using the new key.

To solve the problem created using RC4, WEP uses RC4 with the exception
that WEP uses the same incremented S-vector for each packet whereas RC4 used
the incremented S-vector for each byte of the payload. By generating a new
S-vector for each packet, the destination is able to decrypt each packet in any order
received and in the presence of lost packets. In other words, WEP runs from start
to finish of one packet, whereas RC4 runs start to finish for each payload stream
regardless of the number of packets transmitted for the payload stream. This
makes WEP inefficient for small packets like audio communication since a new
S-vector has to be computed for each packet.

While the problem of lost packets preventing decryption at the destination is
resolved, rekeying and reinitializing the method for each packet is computationally
intensive and has been shown to be insecure. It has been demonstrated that there
are security flaws in WEP. See Stubblefield, et al., "Using the Fluhrer, Mantin, and
Shamir attack to break WEP,"
http://www.cs.rice.edu/~astubble/wep/wep_attack.html
and "Weaknesses in the Key Scheduling Method of RC4,"
http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf. Some PC cards
reset the packet sequence number to zero every time they are initialized, and then
increment by one for every use. While this method decreases processing time, it
results in a high likelihood that keystreams will be reused, leading to simple
cryptanalytic attacks against the ciphertext, and decryption of the message traffic.
If a hacker is able to break the encryption code for one packet, the hacker can
decrypt all of the packets. Another problem with WEP is that it is computationally
intensive. The S-vector loop requires 256 steps (for a 256-byte vector) and for
each packet the S-vector is recomputed.

RC4 increments the S-vector for each byte in the payload plaintext stream
making the RC4 encryption method less computationally intensive at the sacrifice of
not being able to quickly recover when a packet is lost within the network. WEP
solves the problem by providing a less secure encryption method that is
computationally intensive, thus increasing the overhead time required to encrypt
the plaintext stream and decrypt the ciphertext stream.

The encryption methods just described fail to provide a method for efficiently
encrypting a stream of payload plaintext while allowing the destination to decrypt
the received packets if a packet is lost during transmission.

For these reasons, there exists a need for an efficient packet encryption
method that does not increase the time required to encrypt the payload plaintext
and decrypt the payload ciphertext and that has the ability to recover following loss
of a packet or packets arriving out-of-order.

Solution

The present efficient packet encryption method overcomes the problems
outlined above and advances the art by providing a method that does not
recompute the S-vector for each packet, thus reducing the time required to encrypt
the payload plaintext and decrypt the payload ciphertext. The present efficient
packet encryption method also overcomes the problem of lost or out-of-order
packets by providing a method that utilizes the packet sequence number to initialize
two variables within the encryption method. A third and a fourth variable are
injected into the calculation to minimize the predictability of the values used within
the encryption calculations and to decrease the frequency at which the encryption
stream repeats.

The present efficient packet encryption method utilizes the standard RC4
method to generate an initial S-vector using a secret key. Unlike WEP, which
generates a new S-vector for each successive packet, the S-vector is generated
once for encrypting the entire plaintext stream, thus eliminating the time required to
generate a new S-vector for each subsequent packet.

Variable Calculation

Two variables, i and j, are used to produce an encryption stream that is
exclusive OR'd with each byte of plaintext within a packet. New values for variables
i and j are calculated for successive plaintext bytes within a packet. Unlike RC4,
where variables i and j are initially set to zero and are incremented for subsequent
plaintext bytes in the payload, after the initial S-vector is generated a starting
sequence number is generated for the first packet. A first portion of the sequence
number represents variable j and a second portion of the sequence number is used
to calculate variable i.

In an embodiment, variable i is calculated by exclusive ORing the second
portion of the sequence number with the value of S[j], where S[j] is derived from the
S-vector. Injecting a third variable, S[j], into calculating the starting value of variable
i eliminates the predictability of variable i, thus making the present efficient packet
encryption method more secure from known-plaintext attacks. New starting values
of variables i and j are calculated for each subsequent packet. Using the sequence
number to generate the encryption stream provides a method for deciphering
packets at the destination regardless of the order in which they are received. It also
provides a method for deciphering the subsequent packets received after a packet
is lost, thus reducing the time to encrypt, transmit, and decipher successive packets
of plaintext.

Calculating Successive Encryption and Ciphertext Bytes 

If the next successive byte within the packet has not been encrypted,
variables i and j are recalculated for each successive byte within the packet.
Second variable i is recalculated as the sum of second variable i from the previous
iteration plus a fourth variable k, where k is the byte sequence number within the
packet payload. At the start of each packet, k is reset and k is incremented for each
successive byte of plaintext within the packet. Fourth variable k is used in
calculating second variable i to reduce the possibility of parts of the same
encryption stream being reused within different packets when the present efficient
packet encryption method is utilized to encrypt large payloads of plaintext. First
variable j is recalculated as the sum of first variable j from the previous iteration
plus third and fourth variables S[i] and S[r] respectively, where S[i] and S[r] are
derived from the S-vector.

Injecting S[r] into the encryption method generates an encryption stream
where the encryption stream does not repeat over a long sequence of packets.
Without inclusion of S[r], the encryption stream would repeat approximately every
eleven minutes at 100 packets per second. Injecting S[r] into the calculation
generates an encryption stream that would repeat every forty-six hours, thus
making the present efficient packet encryption method more secure.

In another embodiment the S-vector is permuted during the encryption of
each successive packet. In this embodiment, when the S-vector is first calculated,
a copy of the S-vector is saved. For each successive byte of plaintext encrypted,
the values within the S-vector pointed to by the first variable j and the second
variable i are swapped. By swapping the values within the S-vector for each
successive byte of plaintext, the S-vector is permuted over time so that the
encryption stream generated for long plaintext payloads is less likely to repeat
within a packet. When all of the bytes of plaintext within the packet have been
encrypted, the initial S-vector is restored for use encrypting or decrypting the next
packet.

Calculate First Encryption and Ciphertext Byte

The first byte of the encryption stream is derived from the S-vector using the
formula E = S[S[i] + S[j]]. The location within the S-vector that is pointed to by the
sum of S[i] and S[j] contains the next byte of the encryption stream. At the
transmitter, the next byte of the encryption stream is used to calculate the next byte
of the cipher stream. The next byte in the encryption stream is exclusive OR'd
(XOR'd) with the next plaintext byte in the packet payload to generate the next
ciphertext byte.

At the receiver, the received next ciphertext byte is decrypted by XORing the
next received ciphertext byte with the next calculated encryption byte to recover the
next plaintext byte. The next step in the present efficient packet encryption method
is to determine if the last plaintext byte in the first packet payload has been
encrypted.

When all successive plaintext bytes within the next packet have been
encrypted, the packet sequence number is incremented and the method loops back
to calculate new values for variable i and j from the next successive packet
sequence number. The initially generated S-vector is used for all successive
packets.

A first advantage of the present efficient packet encryption method is a
reduction in per-packet processing time. Using the same S-vector for successive
packets reduces the per-packet processing time to encrypt the plaintext stream or
decrypt the ciphertext stream, making the present efficient packet encryption
method more efficient than previous encryption methods such as the WEP method
previously discussed. A second advantage of the present efficient packet
encryption method is that it is not subject to the same attack that renders WEP
insecure.

A third advantage of the present efficient packet encryption method is that it
is designed to easily resynchronize to the packets in the presence of packet loss
and/or out-of-sequence packet reception. The present efficient packet encryption
method uses each packet sequence number to choose the initial value of variables
i and j, and increments the packet sequence number for successive packets. RC4
does not use sequence numbers and the receiver must therefore count bytes from
the beginning of the cipher stream, a process that is time consuming and does not
recover from loss of a packet.

Using the sequence number to initialize the i and j variables makes the next
value of i and j predictable. Injecting a third variable, S[j], when calculating the initial
value of variable i eliminates the predictability of determining the values of variables
i and j, making the present efficient packet encryption method more secure.
Injecting S[r] into the calculation generates an encryption stream in which the
packet encryption stream does not repeat as frequently, providing additional
security from hackers. Likewise, byte sequence number k is injected to reduce the
likelihood that a fragment of the encryption stream will repeat somewhere across a
long sequence of packets.

Brief Description of the Drawings

Figure 1 illustrates a sequence of payload plaintext for transmission over a
packet switching network;

Figure 2 illustrates a flow diagram of a prior art RC4 method for generating a
standard S-vector; and

Figure 3 illustrates a flow diagram of the present efficient packet encryption
method.

Detailed Description 

The efficient packet encryption method summarized above and defined by
the enumerated claims may be better understood by referring to the following
detailed description, which should be read in conjunction with the accompanying
drawings. This detailed description of the preferred embodiment is not intended to
limit the enumerated claims, but to serve as a particular example thereof. In
addition, the phraseology and terminology employed herein is for the purpose of
description, and not of limitation.

In packet switching, both wired and wireless, packets of payload plaintext
are transmitted through the network from a source to a destination. The packets
are assembled and disassembled by the Packet Assembler/Disassembler into
individual packets of payload data. Each packet has a unique identification, a
sequence number, and each packet comprises three principal elements, a header,
a payload and a trailer. The header includes control information such as sequence
number, synchronizing bits, address of the destination, address of the source,
length of the packet, etc. The payload is the data or plaintext that is being
transmitted and the trailer includes an end of packet flag and error detection and
correction bits.

Packet Switching — Figure 1:

Referring to figure 1, for transmission on a packet switched network 100, a
single message, or stream of data, 110 is broken up into "packets". Each packet
112, 114, 116, and 118, labeled 1 through 4 respectively, traverses through
network 100 to the destination through available nodes 120, 122, 124, 126, 128,
and 130 and is transmitted from node to node as bandwidth becomes available for
transmission. At the destination node 130, packets 112, 114, 116, and 118 are
reassembled into the original contiguous message or stream. Since packets
traverse through network 100 following different routes, packets often arrive at
destination 130 out-of-sequence. Other packets may be lost within the network.
Additional processing time is required at the destination to request transmission of
lost packets and to reassemble the packets into the original contiguous message.
In many cases, retransmission of the lost packets cannot be accomplished in a
timely manner, hence the lost packet is unrecoverable.

A main feature of packet switching is the manner in which the transmission
links are shared on an as-needed basis. Each packet is transmitted as soon as the
appropriate link is available, and no link is held by a source that has nothing to
send. After source node 120 transmits the first packet 112, it must follow the same
process to send the remaining packets. Each packet may travel a different route
between source node 120 and destination node 130 and each packet has a
sequence number. The sequence numbers, 1-4 in this example, are used at
destination node 130 to reassemble the packets into the original contiguous
message 110. For example, first packet 112 moves from source node 120 to first
node 122. Second packet 114 leaves source node 120 and moves to first node
122 while first packet 112 moves on to destination node 130, arriving at destination
node 130 first and in sequence. As third packet 116 moves from first node 122 to
destination node 130, third packet 116 leaves source node 120 and moves to third
node 126. The last packet 118 moves from source node 120 to first node 122 while
third packet 116 moves to destination node 130. Since the route third packet 116 is
traveling is longer than the route last packet 118 is traveling, last packet 118 and
third packet 116 may arrive at destination node 130 out-of-sequence.

Similarly, if another node on the network transmits a packet out of turn, the
packet may collide with one of the packets being transmitted by source node 120,
resulting in a lost packet. Thus, destination node 130 receives three of the four
packets. As the processor at destination node 130 reassembles the packets, it
realizes that a packet is missing. Using RC4 and WEP encryption methods
previously described, destination node 130 would not be able to decrypt packets
that are received out-of-order or any packets received after a lost packet.

Encryption schemes fall into two general categories: symmetric encryption
systems and asymmetric encryption systems. In symmetric encryption systems,
such as those conforming to the Data Encryption Standard (DES), the same key is
used by the originator to encrypt the data (i.e., convert the plaintext to ciphertext)
and by the recipient to decrypt the same data (i.e., convert ciphertext back to
plaintext). The present efficient packet encryption method is symmetric.

S-Vector Generation — Figure 2:

The present efficient packet encryption method utilizes the standard RC4
method to generate a starting S-vector. Referring to figure 2, the transmitter and
receiver agree on a secret key to be used for encryption/decryption of the plaintext
in block 210. The transmitter may randomly generate a secret key and transmit the
secret key to the receiver in the first packet header or the two devices may agree to
use a specific key during call set-up. For purpose of illustration, the present
efficient encryption method is described and illustrated comprising a 256-member
vector although vectors of other lengths could be substituted.

In block 220, the secret key is repeated, if necessary, to sequentially fill a
256-member K-vector with bytes of the secret key. The value of each byte within
the 256-member K-vector is less than 256. In block 230, a 256-member S-vector is
initialized such that S[i] = i for all i between 0 and 255. Using the standard RC4
method, the initial S-vector is scrambled in block 240 using the K-vector. All
arithmetic operations are carried out modulo 256.

Step 1 Receive secret key and generate K-vector using the secret key
    Initialize an S-vector following standard encryption method
    such that S[i] = i for all 0 ≤ i ≤ 255
    Scramble the initial S-vector using the K-vector where
        j = 0
        for i = 0 to 255,
            j = j + S[i] + K[i];
            swap S[i] and S[j].

where the values of S[i], S[j] and K[i] are derived from the S-vector and the
K-vector. After the initial S-vector has been generated, variables for encrypting
packets of plaintext are calculated.

Variable Calculation — Figure 3:

Variables used for encrypting the packet plaintext are i and j. Unlike RC4,
where i and j are initially set to zero and are incremented for subsequent bytes of
plaintext within the plaintext stream in the encryption calculation, or the WEP
method, for which RC4 is reinitialized at the beginning of each packet, the present
efficient packet encryption method uses the sequence number to start the
encryption process for each packet. The initial sequence number may be a
randomly generated sequence number. The sequence number is incremented and
the next sequence number is used to encrypt each next packet. Referring to the
flow diagram in figure 2, the rollover counter, r, is initially reset to zero in block 310
and the initial sequence number is randomly generated in block 320 for the first
packet.

Step 2 Set initial sequence number (increment sequence number for
    successive packets)
    Set initial rollover counter r = 0
    (Increment r, modulo 256, if sequence number = 0)
    Reset byte sequence number k = 0

The value of rollover counter r is used when calculating a variable, j, used to
generate the encryption stream. Likewise, to prevent the same encryption
sequence between packets, byte sequence number k is used to calculate variable
i, used in generating the encryption stream.

The sequence number comprises at least two bytes, a low order byte and a
next-to-low order byte. If the sequence number is comprised of more than two
bytes, the excess high-order part is used, modulo 256, as the rollover counter r.
Variable j is initialized to be equal to the high order byte of the sequence number in
block 330. Variable i is calculated in block 330 as the exclusive OR of the low order
byte of the sequence number with S[j].

Step 3 Set variables i and j
    j = high order sequence number
    i = (low order sequence number) ⊕ S[j]

where S[j] is derived from the previously generated S-vector. Setting the initial
value of variables i and j using the sequence number provides a method for
reassembling, or synchronizing, the decryption of the packets at the receiver
regardless of the order in which the packets are received.

Use of a sequence number alone in the encryption of plaintext packets
makes the next value of variables i and j predictable, therefore the encryption
method is insecure. Using a known-plaintext attack, once several packets are
successfully decrypted, an attacker is able to derive information about elements of
the S-vector. Once enough information about S-vector elements is derived using
this attack, it is possible to determine the rest of the S-vector and decrypt the
ciphertext. Injecting the variable S[j] into the calculation of the initial value of
variable i in block 330 decreases the predictability of variable i since the value of
S[j] is derived from the S-vector, thus preventing a certain known-plaintext attack
against the S-vector. Exclusive ORing the low order sequence number with S[j]
insures that any relationships gained from the known-plaintext attack are
non-linear. Thus, the present efficient packet encryption method is more secure from
known-plaintext attacks.

Calculating Successive Packet Variables

To further increase the security of the present efficient packet encryption
method, variables i and j are further calculated in block 340 for each subsequent
byte of plaintext using a second calculation.

Step 4 Calculate variables i and j using
    i = i + k
    j = j + S[i] + S[r]

where r is the value of the rollover counter and S[i] and S[r] are derived from the
S-vector, and k is the byte sequence number within the packet. As previously
discussed, in an embodiment, when the encryption method is initialized, the rollover
counter is set to zero in block 320. The rollover counter in this embodiment is
incremented when the sequence number increments from all 1s to 0. The
sequence number can be substituted for the rollover counter when the encryption
method is initialized, and incremented as described above for incrementing the
rollover counter.

In an embodiment, second variable i is recalculated as the sum of second
variable i from the previous iteration plus a fourth variable k, where k is the packet
payload byte sequence number. At the start of each packet, k is reset and k is
incremented for each successive byte of plaintext within the packet. Fourth
variable k is used in calculating second variable i to reduce the possibility of a
portion of the encryption stream being reused in different packets when the present
efficient packet encryption method is utilized. First variable j is recalculated as the
sum of first variable j from the previous iteration plus third variable S[i] plus fourth
variable S[r], where S[i] and S[r] are derived from the S-vector. While second
variable i could merely be incremented by one for each subsequent plaintext byte
within the packet, a portion of the encryption stream used for one packet would be
reused for some other packets. Thus, using byte sequence number k to recalculate
variable i for successive bytes of plaintext within the packet prevents repetition for
payloads no longer than 2^^^ bytes and thus adds additional security to the present
efficient packet encryption method.

Injecting S[r] into the encryption calculation in block 340 and incrementing
the value of r in block 320 as necessary for subsequent packets decreases the
frequency at which the encryption stream repeats. Without using S[r] in calculating
sequential j variables, encrypting 100 packets per second would cause the
encryption stream to repeat every eleven minutes, making decryption by a hacker
easier. By injecting S[r] into the calculation of variable j for each byte in the packet
and incrementing r as necessary for every next packet, the encryption stream repeats
approximately every forty-six hours. Thus, injecting the additional rollover counter
variable r into the present efficient packet encryption method provides additional
security from hackers.

While calculation of variables i and j has been described using a variable r
from a rollover counter or the sequence number directly, other methods of setting
the r-value could be substituted. Other known methods for generating an r-value
include randomly selecting a starting r value and distributing the r value as a part of
the header or the value of r could be derived from a protocol other than RTP.
Likewise, alternative methods of updating the counter could be substituted for
incrementing the counter when the sequence number increments from a series of
all 1s to a series of all 0s. Using the variables i and j generated in block 340, an
encryption byte is calculated in block 350.

Calculating First Encryption and Ciphertext Bytes

The first byte of the encryption stream is calculated in block 350 using the 
values for variables i and j calculated in previous step 4. 

Step 5 Calculate next byte in the packet encryption stream using
    E[k] = S[S[i] + S[j]]

where the binary value of S[i] and S[j] are derived from the S-vector. The location
within the S-vector that is pointed to by the sum of S[i] and S[j] contains the next
byte of the encryption stream. Using the next byte of the encryption stream, the
next byte of the cipher stream is calculated in block 360.

In an optional embodiment the S-vector is permuted, or scrambled, in block
380 during the encryption of each successive packet. In this embodiment, prior to
encrypting the first byte of plaintext within the packet, a copy of the S-vector is
saved. For each successive byte of plaintext, the value within the S-vector pointed
to by the first variable j and the second variable i are swapped. By swapping the
values within the S-vector for each successive byte of plaintext, the S-vector is
permuted over time so that the encryption stream generated for long plaintext
payloads is less likely to repeat within a packet. When all of the bytes of plaintext
within the packet have been encrypted, the initial S-vector is restored for use
encrypting or decrypting the next packet.

Both the transmitter and the receiver follow steps 1 through 5 to generate the
same encryption stream. At the transmitter, the encryption stream is used to
generate a ciphertext stream. At the receiver, the stream of ciphertext is received
and the encryption stream is used to decipher the ciphertext to recover the
plaintext.

Step 6 Transmitter: Calculate next byte ciphertext stream using
C[k] = E ⊕ P[k] where P[k] = kth byte of plaintext
Receiver: Calculate next byte plaintext stream using
P[k] = E ⊕ C[k]

where P[k] is the next byte of plaintext in the packet payload. In step 4, at the
transmitter the next byte in the encryption stream is XOR'd with the next plaintext
byte in the packet payload to generate a next byte ciphertext.
Step 7 Increment byte sequence 
k = k + 1 

After the next byte of plaintext has been converted to ciphertext in block 360, byte
sequence k is incremented by one in block 390. The next step in the present efficient
packet encryption method is to determine in decision block 370 whether the last
plaintext byte in the first packet payload has been encrypted. If the next byte of
plaintext within the packet payload has not been encrypted, the method repeats
steps 3-6 for each successive byte of the payload. When all bytes within the
payload plaintext stream have been encrypted/decrypted, the method returns to
step 2 for the next packet.

The S-vector generated in blocks 230 and 240 is used to compute all
variables in blocks 330 through 350 for each payload of plaintext to be transmitted.
Unlike WEP where the S-vector is re-calculated for every packet, in the present
efficient packet encryption method, the S-vector is not reinitialized for the present
stream of payload plaintext; it may be restored if the optional swapping of S-vector
elements is implemented. The S-vector is not re-calculated until the transmitter is
ready to send a new stream of payload plaintext.
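The per-packet loop of steps 5 through 7, including the optional S-vector swap and restore, as an added Python example that is not part of the patent text. The S-vector setup and the derivation of i and j (steps 1 through 4) lie outside this section, so ksa and derive_ij are assumed stand-ins, the position of the swap within the loop is an assumption, and the key and payloads are constructed.

```python
# Added example. Steps 1-4 (S-vector setup, i/j derivation) are outside this
# section, so ksa() and derive_ij() are assumed stand-ins, not the patent's.

def ksa(key):
    """Assumed: build a 256-member S-vector with an RC4-style key schedule."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def derive_ij(S, seq, r, k, j_prev):
    """Hypothetical steps 3-4: mix the 16-bit sequence number and S[r] into i, j."""
    i = (S[seq & 0xFF] + k) % 256
    j = (j_prev + S[i] + S[(seq >> 8) & 0xFF] + S[r % 256]) % 256
    return i, j

def crypt_packet(S, seq, r, data, permute=False):
    """Steps 5-7 for one packet; XOR makes encrypt and decrypt the same call."""
    work = list(S) if permute else S          # saved copy: caller's S stays intact
    out, j = bytearray(), 0
    for k, byte in enumerate(data):           # step 7: k = k + 1
        i, j = derive_ij(work, seq, r, k, j)
        e = work[(work[i] + work[j]) % 256]   # step 5: E[k] = S[S[i] + S[j]]
        out.append(e ^ byte)                  # step 6: C[k] = E xor P[k]
        if permute:                           # optional block 380 (order assumed)
            work[i], work[j] = work[j], work[i]
    return bytes(out)

def demo():
    S = ksa(b"constructed demo key")          # constructed key, not from the page
    frames = {7: b"frame seven", 8: b"frame eight", 9: b"frame nine!"}
    wire = {seq: crypt_packet(S, seq, 0, p, permute=True) for seq, p in frames.items()}
    # Receiver handles packets out of order; packet 8 is lost in transit.
    got = {seq: crypt_packet(S, seq, 0, wire[seq], permute=True) for seq in (9, 7)}
    # Same (seq, r) once the counters have wrapped: same keystream, so the XOR
    # of the two ciphertexts equals the XOR of the two plaintexts.
    c_old = crypt_packet(S, 7, 0, b"frame seven")
    c_new = crypt_packet(S, 7, 0, b"other frame")
    leak = bytes(a ^ b for a, b in zip(c_old, c_new))
    return got, leak

if __name__ == "__main__":
    print(demo())
```

Because the keystream depends only on the stored S-vector, the sequence number and r, each packet decrypts on its own; the same property means any repeat of the (sequence number, r) pair under one S-vector reuses the keystream, which is why the repeat period discussed above matters.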

Utilizing the present efficient packet encryption method provides an
increased level of security while reducing the computation time to successfully
transmit an entire stream of payload plaintext. Eliminating the re-calculation of an
S-vector for every packet eliminates the computational steps for generating a new
S-vector for each packet.

Using the present efficient packet encryption method does not sacrifice
security to save time. Instead, injecting an additional variable in computing variable
i increases the security. Likewise, inclusion of the counter used for calculating
variable j further increases the security of the present efficient packet encryption
method by generating an encryption stream that repeats less frequently.

As to alternative embodiments, those skilled in the art will appreciate that the
present efficient packet encryption method can be generated using a variety of
methods for generating the initial sequence number and the initial value for variable
r. While the present efficient packet encryption method has been described and
illustrated generating a first random sequence number and setting the rollover
counter r to zero, alternative methods may be used. Similarly, although the present
efficient packet encryption method has been illustrated and described with a
256-member vector, those skilled in the art will appreciate that a vector having an
alternative number of members may be substituted.

It is apparent that there has been described an efficient packet encryption
method that fully satisfies the objects, aims, and advantages set forth above. While
the efficient packet encryption method has been described in conjunction with
specific embodiments thereof, it is evident that many alternatives, modifications,
and/or variations can be devised by those skilled in the art in light of the foregoing
description. Accordingly, this description is intended to embrace all such
alternatives, modifications and variations as fall within the spirit and scope of the
appended claims.